generate a password string to be used by the useradd command - Security

This is a discussion on generate a password string to be used by the useradd command - Security ; How to generate a password string to be used by the useradd command?
e.g. If I want my password to be "zxASqw12", then what should the
parameter of the "useradd test -p" command be?...

generate a password string to be used by the useradd command

e.g. If I want my password to be "zxASqw12", then what should the
parameter of the "useradd test -p" command be?

Re: generate a password string to be used by the useradd command

wong_powah@yahoo.ca:
> How to generate a password string to be used by the useradd command?
>
> e.g. If I want my password to be "zxASqw12", then what should the
> parameter of the "useradd test -p" command be?

The manpage says that's the encrypted password as returned from
crypt. I see there's something called mcrypt to replace crypt, so
maybe:

useradd test -p `mcrypt zxASqw12` #
However, useradd's default is to leave the account disabled, meaning
the user will have to change the password before they'll be allowed
in. If you didn't use something as obvious as "test" for the
username, that might be the way to go.

Re: generate a password string to be used by the useradd command

wong_powah@yahoo.ca (07-07-09 09:11:43):
> How to generate a password string to be used by the useradd command?
>
> e.g. If I want my password to be "zxASqw12", then what should the
> parameter of the "useradd test -p" command be?

Why don't you just use the `passwd' utility?

Regards,
Ertugrul SÃ¶ylemez.

--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.

Re: generate a password string to be used by the useradd command

On Jul 9, 10:24 pm, Ertugrul Soeylemez
wrote:
> wong_po...@yahoo.ca (07-07-09 09:11:43):
>
> > How to generate a password string to be used by the useradd command?
>
> > e.g. If I want my password to be "zxASqw12", then what should the
> > parameter of the "useradd test -p" command be?
>
> Why don't you just use the `passwd' utility?
>
> Regards,
> Ertugrul Söylemez.
>
> --
> Security is the one concept, which makes things in your life stay as
> they are. Otto is a man, who is afraid of changes in his life; so
> naturally he does not employ security.

I want to execute useradd in a script.

Re: generate a password string to be used by the useradd command

On Jul 9, 2:08 pm, "s. keeling" wrote:
> wong_po...@yahoo.ca :
>
> > How to generate a password string to be used by the useradd command?
>
> > e.g. If I want my password to be "zxASqw12", then what should the
> > parameter of the "useradd test -p" command be?
>
> The manpage says that's the encrypted password as returned from
> crypt. I see there's something called mcrypt to replace crypt, so
> maybe:
>
> useradd test -p `mcrypt zxASqw12` #
>
> However, useradd's default is to leave the account disabled, meaning
> the user will have to change the password before they'll be allowed
> in. If you didn't use something as obvious as "test" for the
> username, that might be the way to go.
>
> --
> Any technology distinguishable from magic is insufficiently advanced.
> (*) http://www.spots.ab.ca/~keeling Linux Counter #80292
> - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

If the user will have to change the password before they'll be allowed
in, then will the original password be overwritten before it is used?

Re: generate a password string to be used by the useradd command

wong_powah@yahoo.ca (07-07-10 15:06:14):
> > > How to generate a password string to be used by the useradd command?
> > > e.g. If I want my password to be "zxASqw12", then what should the
> > > parameter of the "useradd test -p" command be?
> >
> > Why don't you just use the `passwd' utility?
>
> I want to execute useradd in a script.

So what? Use both in the script.

Regards,
Ertugrul SÃ¶ylemez.

--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.

Re: generate a password string to be used by the useradd command

wong_powah@yahoo.ca wrote:
> On Jul 9, 2:08 pm, "s. keeling" wrote:
>> wong_po...@yahoo.ca :
>>
>>> How to generate a password string to be used by the useradd command?
>>> e.g. If I want my password to be "zxASqw12", then what should the
>>> parameter of the "useradd test -p" command be?
>> The manpage says that's the encrypted password as returned from
>> crypt. I see there's something called mcrypt to replace crypt, so
>> maybe:
>>
>> useradd test -p `mcrypt zxASqw12` #
>>
>> However, useradd's default is to leave the account disabled, meaning
>> the user will have to change the password before they'll be allowed
>> in. If you didn't use something as obvious as "test" for the
>> username, that might be the way to go.
>>
>> --
>> Any technology distinguishable from magic is insufficiently advanced.
>> (*) http://www.spots.ab.ca/~keeling Linux Counter #80292
>> - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.
>
> If the user will have to change the password before they'll be allowed
> in, then will the original password be overwritten before it is used?
>

There's a bit more to it than this. If you look at the manpage for
mcrypt, you'll see you need a bunch of parameters, and it's not on my
machine anyway. I would suggest better way is to write a wrapper around
the crypt function, see the section 3 man page for crypt. You also need
to generate a "salt", which is just a random string to help add some
strength to the algorithm. Doing this with your chosen password above
yields this string as one possibility:
$1$WpHFiwYg$K8edj5oHulcaYWMq4SNX1.
(Note that the period at the end of the string happens to be part of the
string, not punctuation. Also beware of the $'s when passing this
string through the shell.)

I don't think you have to worry about changing the password by the
user--as far as I can tell from the man page, useradd only disables the
account when the password isn't provided.

Having said all that, wouldn't it be easier to follow the earlier
suggestion, which was to add the user with useradd and then use passwd
to set the password?

--
Steve

Re: generate a password string to be used by the useradd command

On Jul 10, 11:36 pm, Steve Sentoff wrote:
> wong_po...@yahoo.ca wrote:
> > On Jul 9, 2:08 pm, "s. keeling" wrote:
> >> wong_po...@yahoo.ca :
>
> >>> How to generate a password string to be used by the useradd command?
> >>> e.g. If I want my password to be "zxASqw12", then what should the
> >>> parameter of the "useradd test -p" command be?
> >> The manpage says that's the encrypted password as returned from
> >> crypt. I see there's something called mcrypt to replace crypt, so
> >> maybe:
>
> >> useradd test -p `mcrypt zxASqw12` #
>
> >> However, useradd's default is to leave the account disabled, meaning
> >> the user will have to change the password before they'll be allowed
> >> in. If you didn't use something as obvious as "test" for the
> >> username, that might be the way to go.
>
> >> --
> >> Any technology distinguishable from magic is insufficiently advanced.
> >> (*) http://www.spots.ab.ca/~keeling Linux Counter #80292
> >> - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.
>
> > If the user will have to change the password before they'll be allowed
> > in, then will the original password be overwritten before it is used?
>
> There's a bit more to it than this. If you look at the manpage for
> mcrypt, you'll see you need a bunch of parameters, and it's not on my
> machine anyway. I would suggest better way is to write a wrapper around
> the crypt function, see the section 3 man page for crypt. You also need
> to generate a "salt", which is just a random string to help add some
> strength to the algorithm. Doing this with your chosen password above
> yields this string as one possibility:
> $1$WpHFiwYg$K8edj5oHulcaYWMq4SNX1.
> (Note that the period at the end of the string happens to be part of the
> string, not punctuation. Also beware of the $'s when passing this
> string through the shell.)
>
> I don't think you have to worry about changing the password by the
> user--as far as I can tell from the man page, useradd only disables the
> account when the password isn't provided.
>
> Having said all that, wouldn't it be easier to follow the earlier
> suggestion, which was to add the user with useradd and then use passwd
> to set the password?
>
> --
> Steve